A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-032 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
12 Dec 2024, 19:33
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fortinet fortipam
Fortinet Fortinet fortiswitchmanager Fortinet fortiportal Fortinet fortios Fortinet fortimanager Fortinet fortiproxy |
|
| CPE | cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* |
|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-032 - Vendor Advisory |
Information
Published : 2024-11-12 19:15
Updated : 2024-12-12 19:33
NVD link : CVE-2024-26011
Mitre link : CVE-2024-26011
CVE.ORG link : CVE-2024-26011
JSON object : View
Products Affected
fortinet
- fortiswitchmanager
- fortiportal
- fortimanager
- fortiproxy
- fortipam
- fortios
CWE
CWE-306
Missing Authentication for Critical Function